Subscribe to our Threatpost Today newsletter

Join thousands of people who receive the latest breaking cybersecurity news every day.

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

*

*

I agree to my personal data being stored and used to receive the newsletter

*

I agree to accept information and occasional commercial offers from Threatpost partners

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

Unskilled Pro-ISIS Hackers A Growing Threat

Pro-ISIS hackers promote violence and are making strides with new tools, tactics and procedures, establishing themselves as a growing threat.

Hackers sympathetic to ISIS may lack the funding and talent of government-sponsored hackers, but they merit attention because of their promotion of physical violence and ability to incite others via social media to target individuals or groups.

A report today by security company Flashpoint points out that while these groups are not official members of ISIS, they are getting better and some day could gain the funding and training needed to carry out attacks where critical systems or data is impacted.

For now, however, the groups showing sympathy toward ISIS seem to be content with trivial hacks against social media accounts and claiming previous hacks where personal data was stolen and dumped online as their own. Additionally, ISIS has never claimed to sponsor any of their cyber operations.

“They have not a reached a level of sophistication where they can attack critical infrastructure or a major database,” Laith Alkhouri, co-founder and director of Middle East and North Africa research at Flashpoint. “I would characterize their attacks so far as unsophisticated and done to generate notoriety within the group and create a frenzy in the media and with security officials.”

Alkhouri pointed to a couple of recent incidents where the so-called ISIS Caliphate Cyber Army published names, addresses and phone numbers of Minnesota law enforcement officers, leading some to speculate this was some sort of kill list.

“Many times they are just re-purposing or repackaging information that has been found online,” Alkhouri said. “There’s no evidence they did it, but if they repackage something as a target list, that will generate the most publicity for them.”

Flashpoint’s business model is providing intelligence culled from its monitoring of Dark Web sites. Alkhouri said the company has subject matter experts with linguistic and cultural expertise who embed themselves in these pro-ISIS channels. Rather than simply monitor social media outlets, where most terror organizations are most publicly recruiting sympathizers, Flashpoint, Alkhouri said, stays in areas where communication is encrypted and strategy and propaganda is disseminated.

These pro-terror hacking collectives are an anomaly, Alkhouri said, even drawing the ire of other hacking groups such as Anonymous.

“These supporters of ISIS may not have the skill set to shoot an AK-47, but they are tech-savvy and are willing to sit on their computers for hours to advance their hacking skills and support the group in that manner,” Alkhouri said. “That willingness and interest is increasing over time, and they are in the process of advancing their skills, and it’s going to grow on an accelerating basis.”

The U.S. military, in the meantime, is reportedly carrying out network attacks against the Islamic State, according to a Sunday New York Timesreport. The article says that U.S. Cyber Command will soon being operations against ISIS in the hopes of disrupting its ability to spread propaganda and recruit new members, in addition to cut off communication between leaders.

“Those guys are preaching physical violence as much as they are preaching cyber attacks,” Alkhouri said of the pro-ISIS hackers. “They want to use information to harm people. You don’t see other groups preach physical attacks on individuals; these guys are.”

The Flashpoint report identifies at least five different pro-ISIS hacker groups before a formal merger announced over Telegram on April 4 resulting in the formation of the United Cyber Caliphate. Despite the coordination, Flashpoint said the group still lacks an organizational coherence.

The report also identifies a handful of individuals, including two killed in U.S. drone strikes for their work on the ground as ISIS fighters and as pro-ISIS hackers. Junaid Hussain has the lasting legacy among these individuals. Hussain, whose hacker moniker was TriCk and was a member of TeaMp0isoN, recruited ISIS fighters and incited others to attack individuals before he was killed last August in a drone strike.

The report said others such as his wife, Sally Jones (or Umm Hussain Britaniya), have taken up his cause with violent messaging against U.S. military members.

“While these groups are under-resourced, by no means are they going to stay the same way,” Alkhouri said. “It’s best to keep a close eye on their activities in anticipation of what they want to do tomorrow.”

Authors

Threatpost

InfoSec Insider Post

InfoSec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Post

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.